https://www.bilibili.com/video/BV19E411D78Q?p=64
TCP connection transmission in three stages:
Establish a TCP connection using client-server mode , initiate the application process to establish connection is called the client, while passively waiting for the application process is called server connection is established.
Suppose a process running on a single host (client) wants to establish a connection, the client application process first informs the client TCP with a process on another host (server), he wanted to establish a process on a server with a between the connection, the client will establish a TCP connection with a TCP server with the following steps in the TCP:
ROUND 1:
The client sends a connection request segment , no application layer data.
SYN = 1, seq = x (random)
the ROUND 2:
the server TCP connection for distribution and caching variables , returned to the client acknowledgment segments , allows connection, no application layer data. .
The SYN =. 1, the ACK =. 1, SEQ = Y (random), ACK = X +. 1
the ROUND. 3:
client TCP connections for distribution and variable cache , the server returns acknowledgment to the acknowledgment, may carry data.
SYN = 0, ACK = 1, SEQ = x + 1, y + ack = 1
SYN flooding attack:
SYN flooding attack occurred in the fourth OSI layer, in this way the use of the characteristics of the TCP protocol, is three-way handshake. Attacker sends
TCP SYN, SYN TCP three-way handshake is the first packet , and when the server returns ACK later, the attacker is not on
its re-confirm that the TCP connection is in a pending state, the so-called semi-connected state, the server does not receive
re-confirmed, but also repeatedly transmits ACK to the attacker. This will waste more resources of the server. Attacker service
transmitter that a very large number of TCP connections, since each had not even completed three-way handshake, so on the server, the
TCP connection because of a pending state and consumes CPU and memory, the server might crash last, it We can not provide normal users
the service.
Solution: the SYN the cookie
TCP connection release:
Two involved in a process. TCP connections in any one of which can terminate the connection, the end of the connection, the host of "resources" (cache and variables) will be released.
ROUND 1:
The client sends a connection release segment , stop sending data, actively closed TCP connection.
=. 1 the FIN, SEQ U =
the ROUND 2:
the server sending back an acknowledgment message a segment connecting the client to the server in this direction on the release of a semi - closed state.
=. 1 the ACK, SEQ = V, = U + ACK. 1
the ROUND. 3:
server End send data, it sends a connection release segment, actively closed TCP connection.
=. 1 the FIN, the ACK =. 1, SEQ = W, = U + ACK. 1
the ROUND. 4:
Client loopback - a segment acknowledgment packet, and then wait until the wait time set by the timer 2MSL (maximum segment lifetime), connected completely closed